Hi,

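I am sharing the PowerShell script I use to disable unused network accounts. I pinched it off another website and adapted it. You simply set the inactive days, your OU, and email server details at the top of the script, then set it as a scheduled task to run every night. It will find the accounts that need disabling, disable them, add a note to the description, and send an email to tech support with a report. It's worth running it once with $enableAction set to 0 first: that sends the report without disabling anything, so you can check the list and put any service or shared accounts that never log on into the "No Auto Disable" group.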

You will need to install this on your server (it's free): PowerShell Commands (CMDLETs) for Active Directory by Quest

Any questions just ask!

Cheers.

Code:
### User Variables ###

# Query Options #

# Where the recursive search starts. For the top level use a trailing slash
# (e.g. "domain.local/"); anywhere below it use none (e.g. "domain.local/Users").
# Every account under this root is in scope for the query, so keep it limited
# to the OUs whose accounts are meant to expire on inactivity.
$searchRoot = "domain.local/School Users/sub ou"

# Days without a logon before an account counts as inactive (e.g. 90).
$inactiveDays = 80

# "Grace" days since creation: accounts newer than this are left alone, so a
# brand new account that has not been used yet is not disabled.
$timeSinceCreation = 80

# Maximum number of users the query returns. 0 = unlimited; if this is not set
# the default is 1000.
$sizeLimit = 0

# Email Settings #

# 1 = send the e-mail report, 0 = off.
$emailAlerts = 1

# FROM address of the report.
$fromAddr = "noreply@schho.com"

# TO address of the report.
$toAddr = "it@school.com"

# FQDN or IP address of an SMTP relay.
$smtpsrv = "mail.school.com"

# Enable Script #

# 1 = disable the accounts that were found.
# 0 = "whatif" run: the disabling step is skipped. Leave e-mail alerts on so
# the run still produces the list of accounts.
$enableAction = 1

######################

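# Load the Quest cmdlets (Get-QADUser, Set-QADUser, Disable-QADUser) unless the
# session already has them. -ErrorAction Stop ends the run if the snap-in is
# missing: without it the query below fails, the result is an empty list, and
# the script finishes without disabling anything or mailing a report, which
# looks exactly like "no inactive accounts found".
if (-not (Get-PSSnapin -Name "Quest.ActiveRoles.ADManagement" -ErrorAction SilentlyContinue)) {
    Add-PSSnapin "Quest.ActiveRoles.ADManagement" -ErrorAction Stop
}

# Accounts created after this moment are still inside their grace period.
$creationCutoff = (Get-Date).AddDays(-$timeSinceCreation)

# Candidates: enabled accounts under $searchRoot, created before the cutoff,
# with no logon for $inactiveDays days, that are not members of the
# "No Auto Disable" group. That group is the only exemption: accounts that are
# expected never to log on (service, shared or emergency accounts) under the
# search root must be members of it or they will be disabled.
# NOTE(review): the report prints LastLogonTimeStamp, which AD replicates
# between domain controllers only every few days; -NotLoggedOnFor presumably
# relies on the same attribute, so treat the threshold as approximate - confirm.
# -ErrorAction Stop makes a failed directory query end the run with an error
# instead of yielding an empty list.
# @() keeps the result an array even when zero or one account matches.
$inactiveUsers = @(
    Get-QADUser -SearchRoot $searchRoot -Enabled -NotMemberof "No Auto Disable" -NotLoggedOnFor $inactiveDays -CreatedBefore $creationCutoff -SizeLimit $sizeLimit -ErrorAction Stop |
        Select-Object Name,SamAccountName,LastLogonTimeStamp,Description |
        Sort-Object Name
)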

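### Disable Accounts ###
# dd/MM/yyyy stamp written into each description. The report subject reuses it:
# a DateTime from "Get-Date -DisplayHint Date" placed inside a string expands
# to the full date and time in a different format, so the two would not match.
$date = Get-Date -format "dd/MM/yyyy"

# Outcome per account, keyed by SamAccountName, so the report states what
# actually happened to each account rather than what was attempted.
$outcome = @{}
$disabledCount = 0
$failedCount = 0

if ($inactiveUsers.Count -gt 0) {
    foreach ($user in $inactiveUsers) {
        if ($enableAction -ne 1) {
            # "whatif" run: nothing is changed in the directory.
            $outcome[$user.SamAccountName] = "Not disabled (dry run)"
            continue
        }
        try {
            # The old description is appended to the note so it is not lost.
            # -ErrorAction Stop turns a failed update into an exception; without
            # it the account would still be reported as disabled.
            Set-QADUser $user.SamAccountName -Description "Inactive account, automatically disabled on $date - $($user.Description)" -ErrorAction Stop |
                Disable-QADUser -ErrorAction Stop
            $outcome[$user.SamAccountName] = "Disabled"
            $disabledCount++
        }
        catch {
            # If the description was written but the disable step failed, the
            # note on the account is wrong; the FAILED row marks it for a
            # manual check.
            $outcome[$user.SamAccountName] = "FAILED: $($_.Exception.Message)"
            $failedCount++
            Write-Warning "Could not disable $($user.SamAccountName): $($_.Exception.Message)"
        }
    }
}
######

### Email Alerts ###
if ($emailAlerts -eq 1 -and $inactiveUsers.Count -gt 0) {

    $body = @(
        "<center><table border=1 width=50% cellspacing=0 cellpadding=8 bgcolor=Black cols=4>",
        "<tr bgcolor=White><td>Name</td><td>Username</td><td>Last Login</td><td>Result</td></tr>"
    )

    $i = 0
    foreach ($user in $inactiveUsers) {
        # Alternate the row shading: even rows light, odd rows darker.
        if ($i % 2) { $shade = "#D2CFCF" } else { $shade = "#EFEFEF" }

        # Directory values and error text are escaped before they go into the
        # HTML, so a name containing markup is shown as text, not rendered.
        $cells = @($user.Name, $user.SamAccountName, $user.LastLogonTimestamp, $outcome[$user.SamAccountName]) |
            ForEach-Object { "<td>" + [System.Security.SecurityElement]::Escape([string]$_) + "</td>" }

        $body += "<tr bgcolor=$shade>" + ($cells -join "") + "</tr>"
        $i++
    }

    $body += "</table></center>"

    # The subject counts only accounts that were really disabled and says so
    # when the run was a dry run or when some accounts could not be disabled.
    if ($enableAction -eq 1) {
        $subject = "Info: $disabledCount FPHS User Accounts Disabled on $date"
        if ($failedCount -gt 0) { $subject += " ($failedCount FAILED)" }
    }
    else {
        $subject = "Info: $($inactiveUsers.Count) FPHS User Accounts Would Be Disabled (dry run) on $date"
    }

    # Sent without -UseSsl or -Credential: the report (account names and
    # last-logon times) reaches the relay unauthenticated and in clear text.
    # NOTE(review): confirm $smtpsrv is an internal relay that accepts this.
    Send-MailMessage -To $toAddr -From $fromAddr -Subject $subject -Body ($body -join "`n") -SmtpServer $smtpsrv -BodyAsHtml
}
######

exit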